[USN-8242-1] CiviCRM vulnerability

========================================================================== Ubuntu Security Notice USN-8242-1 May 07, 2026 civicrm vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: CiviCRM could be made to run malicious JavaScript in the user's browser if it received specially crafted input. Software Description: - civicrm: Constituent relationship management solution Details: Takuya Aramaki discovered that Smarty, vendored in CiviCRM, did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-site scripting attack. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS civicrm-common 5.33.2+dfsg1-1ubuntu1+esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS civicrm-common 5.21.2+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS civicrm-common 4.7.30+dfsg-1ubuntu1+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS civicrm-common 4.7.1+dfsg-2ubuntu1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8242-1 CVE-2023-28447